<?php
error_reporting(7);

$gzipoutput = 0;

unset($action);
if (isset($_POST[action]) AND trim($_POST[action]) != "") {
        $action = $_POST[action];
} elseif (isset($_GET[action]) AND trim($_GET[action]) != "") {
        $action = $_GET[action];
} 

if (!isset($action) OR empty($action)) {
        $url = $HTTP_POST_VARS['url'];
        if (empty($url)) {
                $url = getenv("HTTP_REFERER");
        } 
        $templatelist = "register_agreement,register_agreement_content";
        require "global.php";

        if ($pauserinfo['userid'] != 0) {
                show_errormessage("error_registered");
        } 
        if ($allowregister != 1) {
                show_errormessage("error_register_notallow");
        } 
        eval("\$agreement = \"" . gettemplate('register_agreement_content') . "\";");        

        eval("dooutput(\"" . gettemplate('register_agreement') . "\");");
} 

if ($_POST[action] == "register") {
        $templatelist = "register";
        require "global.php";

        if ($_POST['disagree']) {
                header("Location: $phparticleurl");
                exit;
        } 
        if ($pauserinfo[userid] != 0) {
                show_errormessage("error_registered");
        } 

        if ($allowregister != 1) {
                show_errormessage("error_register_notallow");
        } 
        eval("\$navbit = \"" . gettemplate('navbar_joiner') . "\";");
        eval("\$navbit .= \"" . gettemplate('navbar_register') . "\";");
        eval("\$navbar = \"" . gettemplate('navbar') . "\";");
        
        eval("dooutput(\"" . gettemplate('register') . "\");");
} 

if ($_POST[action] == "insert") {
        require "global.php";
        if ($pnuserinfo[userid] != 0) {
                show_errormessage("error_registered");
        } 

        if ($allowregister != 1) {
                show_errormessage("error_register_notallow");
        } 
        $username = htmlspecialchars(trim($username));
        $password = trim($password);
        $password2 = trim($password2);
        $email = strtolower(trim($email));
        $email2 = strtolower(trim($email2));

        if (empty($username) OR empty($password) OR empty($password2) OR empty($email) OR empty($email2)) {
                show_errormessage("error_register_blank");
        } 

        if (strlen($username) < $username_length_min) {
                show_errormessage("error_register_username_tooshort");
        } 

        if (strlen($username) > $username_length_max) {
                show_errormessage("error_register_username_toolong");
        } 

        if (strlen($password) < $password_length_min) {
                show_errormessage("error_register_password_tooshort");
        } 

        if (strlen($password) > $password_length_max) {
                show_errormessage("error_register_password_toolong");
        } 

        if ($password != $password2) {
                show_errormessage("error_register_password_notmatch");
        } 

        if (!validate_email($email)) {
                show_errormessage("error_register_email_invalid");
        } 

        if ($email != $email2) {
                show_errormessage("error_register_email_notmatch");
        } 

        $checkuser = $DB->fetch_one_array("SELECT * FROM " . $db_prefix . "user WHERE username='$username'");
        if (!empty($checkuser)) {
                show_errormessage("error_register_username_existed");
        } 

        $checkemail = $DB->fetch_one_array("SELECT * FROM " . $db_prefix . "user WHERE email='$email'");
        if (!empty($checkemail)) {
                show_errormessage("error_register_email_existed");
        } 

        if ($require_activation) {
                $usergroupid = 5; // waitting for activation
        } else {
                $usergroupid = 3; // member
        } 

        $passwordhash = md5($password);
        $homepage = $_POST[homepage];

        $DB->query("INSERT INTO " . $db_prefix . "user (username,usergroupid,password,email,homepage,joindate,sex,address,qq,icq,msn,intro,tel,rememberpw,timezoneoffset)
                       VALUES ('" . addslashes($username) . "','$usergroupid','$passwordhash','" . addslashes($email) . "','" . addslashes(trim($homepage)) . "','" . time() . "','" . addslashes(htmlspecialchars($sex)) . "','" . addslashes(htmlspecialchars(trim($address))) . "','" . addslashes(htmlspecialchars(trim($qq))) . "','" . addslashes(htmlspecialchars($icq)) . "','" . addslashes(htmlspecialchars(trim($msn))) . "','" . addslashes(htmlspecialchars(trim($intro))) . "','" . addslashes(htmlspecialchars(trim($tel))) . "','" . addslashes($rememberpw) . "','" . addslashes($timezoneoffset) . "')");
        $pauserid = $DB->insert_id();

        if ($rememberpw == 1) {
                setcookie("pauserid", $pauserid, time() + 3600 * 24 * 365);
                setcookie("papasswordhash", $passwordhash, time() + 3600 * 24 * 365);
        } else {
                setcookie("pauserid", $pauserid);
                setcookie("papasswordhash", $passwordhash);
        } 
        if (empty($url) OR eregi("register.php", $url)) {
                $url = "index.php";
        } 

        $activationcode = makeradompw();
        if ($require_activation) {
                $DB->query("INSERT INTO " . $db_prefix . "useractivation (userid,time,activationcode) VALUES ('$pauserid','" . time() . "','" . addslashes($activationcode) . "')");
                eval("\$subject = \"" . gettemplate('mail_activation_subject') . "\";");
                eval("\$content = \"" . gettemplate('mail_activation_content') . "\";");
                eval("\$mailcontent = \"" . gettemplate('mail_recommendtofriend_mailcontent', 0) . "\";");
                $mailto = $email;
                $recipients = $username;
                mail($mailto, $subject, $mailcontent, "From: $webmastermail\r\n");
                show_information("information_watingforactivation");
        } else {
                redirect($url, "redirect_register_success");
        } 
} 

if ($_GET[action] == "activation") {
        require "global.php";
        $userid = intval($_GET[userid]);
        $DB->query("DELETE FROM " . $db_prefix . "useractivation WHERE time<" . (time()-60 * 60 * 24) . "");

        $checkuseractivation = $DB->fetch_one_array("SELECT * FROM " . $db_prefix . "useractivation
                                                          WHERE userid='$userid' AND activationcode='" . addslashes($_GET[activationcode]) . "'");
        if (empty($checkuseractivation)) {
                show_errormessage("error_invalid_activationcode");
        } 

        if (time() > ($checkuseractivation[time] + 60 * 60 * 24)) {
                $DB->query("DELETE FROM " . $db_prefix . "useractivation WHERE userid='$userid'");

                show_errormessage("error_invalid_activationcode_expiry");
        } else {
                $DB->query("UPDATE " . $db_prefix . "user SET usergroupid='3' WHERE userid='$userid'");
                $DB->query("DELETE FROM " . $db_prefix . "useractivation WHERE userid='$userid'");

                if (empty($url) OR eregi("register.php", $url)) {
                        $url = "index.php";
                } 
                redirect($url, "redirect_user_actived");
        } 
} 

?>